CFP v3 has a typo in the “FTP Client” definition under “Predefined Firewall Policies” . The port defined for the Source Port of the “Allow Incoming FTP Data Requests” was listed as 20. It should be 80. The application of the FTP Client predefined policy will prevent your FTP client from working until this is corrected and applied to your FTP client’s entry in the “Network Security Policy” section under the Firewall>Advanced page.
Sorry, but port 80 is HTTP not FTP. You can do an FTP transfer utilising HTTP, but pure FTP is ports 20 and 21. It can and does work with these port settings for FTP.
Well, I was not getting any downloads to work, and I looked at the firewall log and it was port 80 that was listed as the Destination Port beside the Destination IP for the blocked download attempts. When I changed the port from port 20 to port 80, it worked immediately. Perhaps the particular download sites (2 only) were misconfigured? I will try another one and see.
This is normal to block incoming connections unless allowed. It would be pointless for a firewall to let port 80 be open because remote computers could access you while you were loading a page in a browser.
I tried another download with port 20 changed to port 80 and it works fine on that site as well. I imagine that some data is exchanged prior to the download from port 80 on the remote computer? Port 20 does not seem to be required to successfully download files. Just flying by the seat of my pants here. Anyone got the real scoop?
Are you downloading a file from an FTP site via an explorer window or are you using a dedicated FTP client?
I’m using Free Download Manager as a plugin for Firefox. It has its own fdm.exe entry in both the Network and Computer Security Policy pages.
So you are downloading via a browser which is using port 80.
I repeat - FTP uses ports 20 and 21 (it can also use a higher numbered response port if passive FTP is used).
HTTP uses port 80. You are downloading thourgh a browser - you are not doing an FTP file transfer.
There is a difference.
Thanks for the tip Ewen. I guess that I’ll just write a rule set for FDM and leave the FTP client rules intact in case I need them later.
No probs. I’ll mark this as resolved and close the thread. If you need it reopend, PM me or one of the other mods.